Secure Flight Final Rule Questions and Answers Date: July 2010

Version 3JM

Updates in dieser Version SR DOCS entry format Amadeus and Apollo

Content TSA Secure Flight Program....................................................................................................................... 2 How does Secure Flight affect Air travellers?......................................................................................... 2 What are the benefits of Secure Flight? .................................................................................................. 2 Where do customers find further information about the secure flight program? ............................... 2 Does the name on the ticket/boarding pass need to match the name on the passengers ID? ...... 2 In which format are Secure Flight Passenger Data entered into the booking (PNR – passenger name record)................................................................................................................................................ 3 APIS and Secure Flight.............................................................................................................................. 3 ESTA and Secure Flight............................................................................................................................. 3 What happens if the Secure Flight Passenger Data are not entered into the booking?.................. 4 What happens if Secure Flight Passenger data are incomplete by error wrong?............................. 4 When should the SFPD be collected? ..................................................................................................... 4 Are short term bookings (less than 72hs before departure) still allowed? ......................................... 4 Yes, but in these cases TSA requires to collect SFPD at time of booking. ....................................... 4 As data is to be sent to TSA 72 hours before departure, will there be problems for booking changes or new bookings which are done in less than 72hours?....................................................... 4 Are Travellers allowed not to provide SFPD to Lufthansa?.................................................................. 5 Are the Lufthansa rules also applicable for code share flights? .......................................................... 5 Which Lufthansa Flights are affected by the Secure Flight Program and will Lufthansa show this information at time of booking?................................................................................................................. 5 What happens to existing, old booking which do not contain SFPD................................................... 5 Does Lufthansa have any plans to queue new bookings that do not contain SFPD at a given time before departure to the booking office? .......................................................................................... 5

Secure Flight program – FAQ’s FRA XD/B-L, BE Version 1

1

TSA Secure Flight Program Secure Flight Final Rule is a program developed to provide uniform watch list matching by the U.S. American Government Agency, the Transportation Security Administration (TSA). The mission of the Secure Flight program is to enhance the security of international and domestic commercial air travel through the use of improved watch list matching e.g. to prevent individuals from the No Fly list from boarding an Aircraft. Each Airlines has an individual implementation date, therefore it may happen that Airlines communicate different Dates. As a general rule, TSA does not accept any bookings without Secure Flight Passenger Data (SFPD) as of 01.11.2010 for all Airlines. How does Secure Flight affect Air travelers? To comply with the Transportation Security Administration's Secure Flight policy, the following information must be provided and must match the government-issued photo identification that will be used for travel: Full name (as it appears on passenger's government-issued ID) Date of birth Gender Redress Number (if available)* *Those who encounter misidentification are invited to apply for redress at www.dhs.gov/trip to help prevent watch list matching misidentifications in the future. TSA requires all Airlines which operate a flight to/from the USA to send this data 72 hours for ticketed bookings before the scheduled flight. TSA will match it against the No Fly and Selectee watch lists. TSA will transmit the result of the matching process to the operating Airline at time of check-in, and if the match is negative (passenger is not on the watch lists) the boarding pass can be printed the passenger may start his journey and is allowed to travel to the USA. (Other existing entry requirements have to be observed as well) In case of a positive match, Secure Flight will serve to prevent individuals on the No Fly List from boarding an aircraft, as well as to subject individuals on the Selectee List to enhanced screening (e.g. via TSA Call Center) or determine if they are permitted to board an aircraft, that is to start the booked journey. What are the benefits of Secure Flight? Secure Flight provides numerous benefits to the traveling public. First, Secure Flight protects sensitive watch list data. The program also enables officials to address security threats sooner, keeping air travel safer. By implementing one watch list matching system, the program provides a fair and consistent matching process across all airlines and reduces the chance of being misidentified. Secure Flight offers an improved redress process, so that those who are mistakenly matched to the watch list can avoid further problems in the future. For more information on the redress process, visit www.dhs.gov/trip. Where do customers find further information about the secure flight program? Detailed information on secure flight is published under www.tsa.gov . Does the name on the ticket/boarding pass need to match the name on the passengers ID? Due to system restrictions it may happen that the name on the ticket/boarding pass does not fully match the name on the passenger’s ID. But the name provided for Secure Flight Passenger Data (SFPD) is Secure Flight program – FAQ’s FRA XD/B-L, BE Version 1

2

used to perform the watch list matching and needs to match the name on the passengers ID. Small differences between the name on the ticket and the name provided for SFPD should not have any serious impact. Nevertheless a close as possible match may help to avoid potential mis-interpretations. . In which format are Secure Flight Passenger Data entered into the booking (PNR – passenger name record) The entry format follows the APIS format – it is done via “special service request – SSR elements”. It is recommended to enter the carrier code “YY” as in that case the Data is transmitted automatically to all booked carriers. Examples for entry formats: Amadeus Secure Flight passenger data (SFPD): SRDOCS YY HK1-----30JUN73-M-MUELLER-PAUL/P1 (male adult) SRDOCS YY HK1-----30JUN77-F-MUELLER-PETRA/P2 (female adult) SRDOCS YY HK1-----12JAN10-FI-MUELLER-SONIA/P2 (Infant) Redress number information (not mandatory - only inserted if passenger advises they have a redress number) SRDOCO YY HK1--R-123456789---US/P1 SRDOCO YY HK1--R-45675567---US-I/P1/S3 (Infant) Galileo: (SSR created for segment 1, SFPD) SI.P1S1/DOCS*////12JUL66/M//MAIER/JOHN/PAUL Apollo: (SSR created for segment 1, SFPD) 3DOCSN1/////12JUL66/M//MAIER/JOHN/PAUL Sabre: (SSR created for segment 1, SFPD) 3DOCS1/DB/12JUL66/M//MAIER/JOHN/PAUL-1.1 (Adult) 3DOCS1/DB/07JUL2008/MI/ADAMS/BABY-1.1 (Infant) Worldspan: 3SSRDOCSYYHK1/////12JUL66/M// MAIER/JOHN/PAUL -1.1 More detailed information regarding the entries can be obtained via the local GDS’s helpdesks or helppages. APIS and Secure Flight In case the booking contains full APIS information (Address, Travel ID, Name, Gender, Passport etc,) an additional element for secure flight is not required. But contrary to APIS Data, which can be added even at time of check-in, TSA mandates for secure flight that the data have to be transmitted via the booking 72 hours prior to departure. Data collection at time of check-in is not in line with the goal of the secure flight program, which is to have an early matching against the watch-lists to increase the security of international and domestic commercial air travel. . ESTA and Secure Flight Since 20 March 2010 airlines are required to carry out ESTA checks: the transport of passengers wishing to enter the USA without a visa under the Visa Waiver Program is prohibited for all Airlines if passengers Secure Flight program – FAQ’s FRA XD/B-L, BE Version 1

3

have not received an electronic entry permit in advance from the US authorities. Therefore, ESTA is not related to Secure Flight. The goal of Secure Flight is, to increase the security of international and domestic commercial air travel. What happens if the Secure Flight Passenger Data are not entered into the booking? TSA mandates Airlines to transmit all Reservations in/out of the USA to the US-Department of Homeland Security – independent whether the Secure Flight Passenger Data are available or not. TSA announced in June 2010 that […] “Passenger reservations without full SFPD will be rejected by Secure Flight” […] Based on this information, the risk is that neither online nor kiosk check-in is available, as TSA only allows the print of boarding passes, if the match against the selectee/No Fly Watch lists is negative (passenger is not on the selectee or no fly list). In case no SFPD data is in the booking, the match can not be done, which may lead to the fact that the boarding pass can not be printed without additional security measures at the Airport. Another potential result is that passenger(s) represented by that PNR be denied boarding on the covered flight. There may be in the future a requirement from the US TSA to cancel bookings which do not contain SFPD. What happens if Secure Flight Passenger data are incomplete by error wrong? In case data is incomplete and/or wrong, they can either be added/changed via the above mentioned SSR Elements. Lufthansa passengers can add/change SFPD via www.lufthansa.com by entering the Amadeus Record locator. In case of wrong and/or incomplete SFPD, passengers run the risk that matching with the watch lists may give a wrong result. The passenger can get by error the status “selectee” or even “no fly”, which may result in additional security screening at the airport or that the passenger may be denied boarding on the respective flight. When should the SFPD be collected? It is recommended to collect the data directly at time of reservation and to enter it into the booking. Latest 72 hours before departure Data is mandatory in ticketed bookings, as at that time Airlines have to transmit the data to TSA. Are short term bookings (less than 72hs before departure) still allowed? Yes, but in these cases TSA requires to collect SFPD at time of booking. As data is to be sent to TSA 72 hours before departure, will there be problems for booking changes or new bookings which are done in less than 72hours? No, TSA mandated that all data captured in the bookings are to be sent to the TSA 72 hours prior to scheduled flight departure. For reservation data that is added or changed within 72 hours, data is updated and sent immediately. Therefore in these cases it is mandatory to enter the SFPD directly at time of booking.

Secure Flight program – FAQ’s FRA XD/B-L, BE Version 1

4

Are Travellers allowed not to provide SFPD to Lufthansa? According to the legal binding general terms and conditions, following rules apply to Lufthansa customers: ” 13.1.1. You are responsible for obtaining all required travel documents and visas and for complying with all laws, regulations, orders, demands and travel requirements of countries to be flown from, into or through which you transit.” Lufthansa is entitled to refuse carriage, if [...] „7.1.1. Such action is necessary to prevent violation of any applicable laws, regulations, or orders of any state to be flown from, into or over [...]. Therefore Lufthansa customers are obliged to provide SFPD. Are the Lufthansa rules also applicable for code share flights? As TSA requires the transmission of SFPD from the operating Airline, it may happen that Airlines implement different measures. For LH marketing flight number on a flight operated by a partner Airline, the rules which are communicated by the respective partner Airline apply. For all Lufthansa operated Flights, Lufthansa rules apply. (E.g. Obligation of the customer to provide the data according terms and conditions, and the following additional information/queue messages) Which Lufthansa Flights are affected by the Secure Flight Program and will Lufthansa show this information at time of booking? All Lufthansa operated flights in/out of the USA are affected by the Secure Flight Program. In order to help you to identify the affected flights, Lufthansa plans to show as of 10th of August following additional segment Information at time of booking:

SEC FLT PSGR DATA REQUIRED 72 HBD – SSR DOCS The information will be shown below the booked segment and stored in the background of the booking. (E.g. in Amadeus it can be displayed via RTSVC) What happens to existing, old booking which do not contain SFPD The TSA requirement to add SFPD is valid for all Flights as of 01.11.2010 – independent from the date the Booking was made. That means that it is mandatory to include SFPD also for already existing bookings for all Flights departing as of 01.11.2010. In order to allow you to identify existing bookings without SFPD, Lufthansa will queue in September 2010 old bookings (start of journey 01.11.2010) to the booking office. The bookings will contain a SSR OTHS element with following information: SEC FLT PSGR DATA REQUIRED 72 HBD. This allows you to contact your customers so that the data which is required from TSA can be collected. Does Lufthansa have any plans to queue new bookings that do not contain SFPD at a given time before departure to the booking office? Yes, in order to allow the collection of SFPD (either via the booking or via www.lufthansa.com) LH – as an Amadeus Carrier – will use a functionality currently under development at Amadeus. A new SSR ADPI (Advise Passenger Information) will be used to provide following information: SEC FLT PSGR DATA REQUIRED 72 HBD in the booking. The booking will be queued to the booking office. As this functionality is still being developed, it is not yet possible to inform the exact timing for the queue message. Most probably it will be approximately. 3 weeks before the booked flight. We will advise as soon as more detailed information is available. Secure Flight program – FAQ’s FRA XD/B-L, BE Version 1

5